SQLite rawQuery selectionArgs and Integers Fields

北恋 2020-12-11 03:39

As the Android documentation says, the selectionArgs parameters of the rawQuery method are parsed as strings.

SQLiteDatabase.rawQuery(String sql, String[] sel

2 answers
  •  予麋鹿
    予麋鹿 (original poster)
    2020-12-11 04:18

    I have the exact same problem, I guess. The thing that you are trying to mention is that you can't make actual calculations regarding the SQLite database. I have found out that the problem is bigger than the one that you mention. SQLite Database does not seem to understand any field types regarding the field value, meaning that if you are trying to insert a String value in an INTEGER field type, the insertion would not complain.

    So the problem is even bigger, as you can see. Although I have seen that if you have a column that has only Integers and you make a where statement like: where id = 1 without ' ' then there is a result dataset. So I might ask you if you are sure that this statement does not work: "SELECT * FROM TABLE_A WHERE IFNULL(COLUMN_A, 0) >= 15". But the where id >= '15' does work because it takes the string representation of id, which is actually 2 Unicode characters(!!!), and tries to make an operator >= to '15', which DOES apply.

    These issues surprised me the first time I came across them, and I decided to dynamically create the SQL without binding parameters and execute it as a whole String. I know it isn't the best way to access the database, without binding parameters, but it is a solution and a good one because security reasons are not that important though your database is secured and your methods of accessing it are private to your Application. If the "intruder" has the ability to access the database with a rooted phone, he could just put it in an SQLITE Studio and he is done.
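Added example, not part of the question or the answer above: Python's sqlite3 module binding `str` values stands in for rawQuery, which binds every selectionArg as TEXT, and it compares the bound query from the thread with a version that keeps binding by using `CAST(? AS INTEGER)`. The rows and the helper function names are constructed for illustration; the table and column names follow the query quoted in the answer.

```python
import sqlite3

def make_db():
    # Constructed sample data: COLUMN_A holds 5, 15, 20 and NULL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TABLE_A (ID INTEGER PRIMARY KEY, COLUMN_A INTEGER)")
    db.executemany("INSERT INTO TABLE_A (ID, COLUMN_A) VALUES (?, ?)",
                   [(1, 5), (2, 15), (3, 20), (4, None)])
    return db

def ids(db, sql, args=()):
    # str arguments are bound as TEXT, like Android's String[] selectionArgs.
    return [row[0] for row in db.execute(sql + " ORDER BY ID", args)]

def bound_as_text(db, value):
    # IFNULL(...) has no type affinity, so its INTEGER result is compared with
    # the TEXT parameter as-is. Any INTEGER sorts below any TEXT: no row matches.
    return ids(db, "SELECT ID FROM TABLE_A WHERE IFNULL(COLUMN_A, 0) >= ?", (value,))

def bound_plain_column(db, value):
    # A bare INTEGER column applies numeric affinity to the parameter ('15' -> 15).
    return ids(db, "SELECT ID FROM TABLE_A WHERE COLUMN_A >= ?", (value,))

def bound_with_cast(db, value):
    # Keeps the bind parameter and converts it inside the statement.
    return ids(db, "SELECT ID FROM TABLE_A "
                   "WHERE IFNULL(COLUMN_A, 0) >= CAST(? AS INTEGER)", (value,))

def concatenated(db, value):
    # The string-building workaround: the value becomes part of the SQL text.
    return ids(db, "SELECT ID FROM TABLE_A WHERE IFNULL(COLUMN_A, 0) >= " + value)

if __name__ == "__main__":
    db = make_db()
    for fn in (bound_as_text, bound_plain_column, bound_with_cast, concatenated):
        print(fn.__name__, fn(db, "15"))
    # Constructed non-numeric input: data when bound, SQL when concatenated.
    print("cast  ", bound_with_cast(db, "15 OR 1=1"))
    print("concat", concatenated(db, "15 OR 1=1"))
```

With the cast, a non-numeric argument is reduced to its leading integer and stays data, while the concatenated form lets the same string change the WHERE clause.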
